SYM_CONF_0147 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Key Management Errors

| Property | Value |
| --- | --- |
| Language | hcl |
| Severity | low |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |

Description

The Vertex AI dataset resource is not configured to use a Customer Managed Key (CMK) for encryption. This means data is not encrypted with a key you control, reducing your ability to manage and audit access.

Impact

Without a CMK, sensitive data in Vertex AI datasets relies on default encryption, which limits your control over key rotation and access management. If the dataset is compromised, attackers may gain unauthorized access to unencrypted or weakly protected data, exposing sensitive information and increasing compliance risks.
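
The following Terraform is an added example, not taken from the rule's own documentation. It shows a dataset with no `encryption_spec` next to one encrypted with a Cloud KMS key you manage. The resource names, region, key ring and key names, and the 90-day rotation period are assumptions chosen for illustration.

```hcl
# Assumed for illustration: region us-central1, key ring "vertex-keyring",
# key "vertex-dataset-key". None of these names come from the rule page.

# Non-compliant: no encryption_spec block, so the dataset uses default encryption.
resource "google_vertex_ai_dataset" "default_encryption" {
  display_name        = "images-default"
  metadata_schema_uri = "gs://google-cloud-aiplatform/schema/dataset/metadata/image_1.0.0.yaml"
  region              = "us-central1"
}

# Compliant: a customer-managed key in the same location as the dataset.
data "google_project" "current" {}

resource "google_kms_key_ring" "vertex" {
  name     = "vertex-keyring"
  location = "us-central1" # must match the dataset region
}

resource "google_kms_crypto_key" "dataset" {
  name            = "vertex-dataset-key"
  key_ring        = google_kms_key_ring.vertex.id
  rotation_period = "7776000s" # 90 days; rotation is now under your control

  lifecycle {
    prevent_destroy = true # losing the key makes the dataset unreadable
  }
}

# The Vertex AI service agent must be allowed to use the key.
resource "google_kms_crypto_key_iam_member" "vertex_agent" {
  crypto_key_id = google_kms_crypto_key.dataset.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@gcp-sa-aiplatform.iam.gserviceaccount.com"
}

resource "google_vertex_ai_dataset" "cmk" {
  display_name        = "images-cmk"
  metadata_schema_uri = "gs://google-cloud-aiplatform/schema/dataset/metadata/image_1.0.0.yaml"
  region              = "us-central1"

  encryption_spec {
    kms_key_name = google_kms_crypto_key.dataset.id
  }

  # Create the IAM binding first so dataset creation can use the key.
  depends_on = [google_kms_crypto_key_iam_member.vertex_agent]
}
```

Because the key lives in your project, its use by the service agent can be recorded in Cloud Audit Logs for Cloud KMS, and disabling a key version cuts off access to the dataset.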